“On-demand” on-line services are increasingly common and present on multiple platforms, such as personal computers, decoders for television connected to the Internet, mobile telephones or tablets.
However, these services need to be protected against malicious users or software programs trying to illicitly exploit the data supplied by these services, in particular in the field of on-demand videos or of pay television.
Technical protection measures are therefore implemented in order to control the use that is made of digital works. For example, a Conditional Access System (or CAS) is generally set up in the context of broadcasting video and audio content, or multimedia content.
In summary, in a CAS process, the multimedia content is encrypted by servers using a symmetric key, and the broadcast content is accessible only to the clients possessing the key.
Furthermore, notably in the context of downloading a data stream (or “Streaming”) or of bulk downloading of data, digital rights management (or DRM) systems are set up.
In summary, in a DRM process, a client sends to a server an identification key specific to the client. If this client is authorized to access the content, the server encodes a content key using the identification key and transmits the encoded content key to the authorized client, who is the only one able to decode it. The encrypted multimedia content is subsequently transmitted to the client, who can decrypt it using the decoded content key.
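The license exchange summarized above, as an added example that is not part of the original text. It assumes the identification key is the public half of a client key pair (the text only says that the client alone can decode the content key), and it uses a toy-sized Diffie-Hellman group with HMAC-SHA256 from the Python standard library as stand-ins for a production key-wrapping scheme; all function names are hypothetical.

```python
import hashlib, hmac, secrets

# Assumption: toy Diffie-Hellman group for illustration only (too small for real use).
P = 2**255 - 19
G = 2

def keygen():
    """Client: private value and the identification key sent to the server."""
    priv = secrets.randbelow(P - 2) + 1
    return priv, pow(G, priv, P)

def _derive(shared):
    # Separate encryption and MAC keys derived from the shared secret.
    raw = shared.to_bytes(32, "big")
    return (hashlib.sha256(b"enc" + raw).digest(),
            hashlib.sha256(b"mac" + raw).digest())

def _xor(data, key):
    # One 32-byte keystream block; callers enforce len(data) <= 32.
    stream = hmac.new(key, b"wrap", hashlib.sha256).digest()
    return bytes(a ^ b for a, b in zip(data, stream))

def issue_license(id_key, authorized, content_key):
    """Server: encode the content key for an authorized identification key."""
    if id_key not in authorized:
        return None                      # unauthorized client gets no license
    if len(content_key) > 32:
        raise ValueError("content key too long for this sketch")
    eph = secrets.randbelow(P - 2) + 1   # fresh per license, so fresh keystream
    enc_key, mac_key = _derive(pow(id_key, eph, P))
    wrapped = _xor(content_key, enc_key)
    tag = hmac.new(mac_key, wrapped, hashlib.sha256).digest()
    return pow(G, eph, P), wrapped, tag

def open_license(priv, license_msg):
    """Client: decode the content key.

    Detects a license encoded for another client or corrupted in transit;
    it does not authenticate the server.
    """
    eph_pub, wrapped, tag = license_msg
    enc_key, mac_key = _derive(pow(eph_pub, priv, P))
    expected = hmac.new(mac_key, wrapped, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expected):
        raise ValueError("license not decodable by this client")
    return _xor(wrapped, enc_key)
```
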
The processes of encryption-decryption are implemented by encryption-decryption means, generally formed by autonomous and secure hardware circuit blocks. The encryption-decryption means are controlled and managed by a digital rights management means DRM and a conditional access means CAS, henceforth referred to as management means.
The management means may be implemented in a secure area known as a “Trusted Execution Environment” (or TEE) of a processing system of the electronic support, which is generally the main processor.
The TEE notably allows secure software programs, referred to as trusted applications, to be executed in a secure manner with an average allocated processing capacity and secure memory. The processing systems generally comprise a hardware-secured element (or SE for “Secure Element”) having little processing capacity but excellent security. Conversely, the processing systems comprise an area allocated to an operating system (or REE for “Rich Execution Environment”) that has significant resources but is not very secure and is therefore highly exposed to external attacks.
Furthermore, multimedia output interface protections have been developed and are required notably depending on the services of the multimedia content providers. For example, a version of HDCP protection may be required on a digital video and audio output interface of the HDMI or DVI type.
There also exist protections for analogue video and audio outputs, of the CGMS-A or “Macrovision” type. Transcoding protections may be required, notably the DTCP protocol in the context of wireless communication of the WiFi type. Specific protections of the digital watermarking type, which consist of integrating into the multimedia content a mark invisible to a person but traceable by machine, may furthermore be required.
The application of the multimedia output interface protection required and the delivery of a multimedia signal on a multimedia output interface are generally controlled by respective drivers using the REE.
The means for implementing the multimedia output interface protection, referred to as protection means, and the delivery means, referred to as multimedia output interface, are generally formed by autonomous and secure hardware circuit blocks.
In view of the diversification of the media that can benefit from multimedia services protected by CAS and DRM, and therefore of the diversification of the risks of fraud, it is desirable for the systems-on-a-chip (SoC) implementing these services to be robust against malicious attacks, and notably as regards multimedia interface protections.
For this purpose, it may be envisaged to migrate the control and the application of the multimedia interface protections in their entirety into a TEE secure area. However, this requires the TEE to have a processing capacity that is sufficiently large to directly control the multimedia output interface protection, and the migration of such systems is subject to many technological constraints. Indeed, many existing hardware blocks, each providing an established function and designed using a given technological process, would have to undergo severe modifications or even be designed anew.